CVE-2018-12457
HIGH8.8EPSS 0.52%express-cart allows any user to create an admin user
發布日:2022/5/13修改日:2026/2/3
描述
Express-Cart before 1.1.6 allows remote attackers to create an admin user via an `/admin/setup` Referer header.
受影響套件(1)
- npm/express-cartfrom 0, < 1.1.6
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
參考連結(8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-12457
- PATCHhttps://github.com/mrvautin/expressCart
- WEBhttps://github.com/mrvautin/expressCart/commit/baccaae9b0b72f00b10c5453ca00231340ad3e3b
- WEBhttps://github.com/nodejs/security-wg/blob/main/vuln/npm/469.json
- WEBhttps://hackerone.com/reports/343626
- WEBhttps://snyk.io/vuln/npm:express-cart:20180712
- WEBhttps://www.npmjs.com/advisories/730
- WEBhttps://www.npmjs.com/package/express-cart?activeTab=versions